Ensure unattached disks are encrypted
Error: Unattached disks are not encrypted
Bridgecrew Policy ID: BC_AZR_GENERAL_34
Checkov Check ID: CKV2_AZURE_14
Severity: LOW
Unattached disks are not encrypted
Description
TBA
Fix - Buildtime
Terraform
- Resource: azurerm_resource_group, azurerm_managed_disk, azurerm_virtual_machine
- Argument: encryption_settings.enabled
# Resource group that the managed disk and the virtual machine below are
# placed in (both reference azurerm_resource_group.group.name).
resource "azurerm_resource_group" "group" {
  location = "West Europe"
  name     = "example-resources"
}
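# Managed disk written to satisfy CKV2_AZURE_14: it declares an
# encryption_settings block with enabled = true.
resource "azurerm_managed_disk" "managed_disk_good_1" {
  name                 = "acctestmd"
  location             = "West US 2"
  resource_group_name  = azurerm_resource_group.group.name
  storage_account_type = "Standard_LRS"
  create_option        = "Empty"
  disk_size_gb         = "1"

  # Fix for this policy: add this block to the disk definition.
  # NOTE(review): only the enabled flag is set here. A real deployment would
  # normally also point the block at Key Vault material (disk_encryption_key /
  # key_encryption_key), and the handling of `enabled` can differ between
  # azurerm provider releases; confirm against the version in use.
  encryption_settings {
    enabled = true
  }

  tags = {
    environment = "staging"
  }
}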
# Virtual machine whose OS disk refers to the managed disk above through
# managed_disk_id. The name, location and network interface values are
# placeholders, not deployable settings.
resource "azurerm_virtual_machine" "virtual_machine_good_1" {
  name                  = "$vm"
  resource_group_name   = azurerm_resource_group.group.name
  location              = "location"
  vm_size               = "Standard_DS1_v2"
  network_interface_ids = ["id"]

  # NOTE(review): create_option is "FromImage" while managed_disk_id points at
  # an existing disk; the provider documentation pairs managed_disk_id with
  # create_option = "Attach". Verify before reusing this outside a policy test.
  storage_os_disk {
    name            = "myosdisk1"
    managed_disk_id = azurerm_managed_disk.managed_disk_good_1.id
    create_option   = "FromImage"
    caching         = "ReadWrite"
  }

  # NOTE(review): Ubuntu 16.04 is past standard support and "latest" is an
  # unpinned version; treat the image values as sample data only.
  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "16.04-LTS"
    version   = "latest"
  }
}